1 Gabatarwa

Auna ƙarfin kalmar sirri daidai yana da mahimmanci don tabbatar da tsarin tantancewa, amma na'urorin gargajiya sun kasa koyar da masu amfani. Wannan takarda ta gabatar da na'urar farko ta auna ƙarfin kalmar sirri mai fahimta ta yiwuwa ta amfani da koyon na'ura mai zurfi don ba da ra'ayi na tsaro a matakin harafi.

2 Ayyukan Da Aka Yi & Bayanan Baya

2.1 Na'urorin Auna Ƙarfin Kalmar Sirri Na Hikima

Na'urorin farko na auna ƙarfin kalmar sirri sun dogara ne akan hikima mai sauƙi kamar LUDS (ƙidaya ƙananan haruffa, manyan haruffa, lambobi, alamomi) ko ma'anar ƙima ta ad-hoc. Waɗannan hanyoyin suna da cikas a asali saboda ba sa ƙirƙirar ainihin rarraba yiwuwar kalmar sirri kuma suna da rauni ga wasa ta hanyar masu amfani.

2.2 Tsarin Ƙirar Kalmar Sirri Na Yiwuwa

Hanyoyin da suka fi kusa suna amfani da tsarin ƙira na yiwuwa kamar sarkar Markov, hanyoyin sadarwar jijiyoyi, da PCFGs don kimanta yiwuwar kalmar sirri. Duk da cewa sun fi daidaito, waɗannan tsare-tsaren baƙaƙen akwatuna ne waɗanda ke ba da maki tsaro masu duhu kawai ba tare da ra'ayi mai aiki ba.

3 Hanyar Aiki: Na'urorin Auna Ƙarfin Kalmar Sirri Masu Fahimta

3.1 Tsarin Lissafi

Babban ƙirƙira shine rarraba haɗin yiwuwar kalmar sirri zuwa gudummawar matakin harafi. Idan aka ba da kalmar sirri $P = c_1c_2...c_n$, ana kimanta yiwuwar $Pr(P)$ ta amfani da tsarin ƙirar yiwuwar jijiyoyi. An ayyana gudummawar tsaro na harafi $c_i$ kamar haka:

$S(c_i) = -\log_2 Pr(c_i | c_1...c_{i-1})$

Wannan yana auna mamaki (abun ciki na bayanai) na kowane harafi idan aka yi la'akari da mahallinsa, yana ba da fassarar yiwuwar ƙarfin harafi.

3.2 Aiwatar da Koyon Na'ura Mai Zurfi

Marubutan sun aiwatar da wannan ta amfani da tsarin ginin hanyar sadarwar jijiyoyi mai sauƙi wanda ya dace da aiki a gefen abokin ciniki. Tsarin yana amfani da haɗakar haruffa da yadudduka na LSTM/Transformer don ɗaukar dogaro na jeri yayin kiyaye inganci.

4 Sakamakon Gwaji & Kimantawa

4.1 Bayanan Gwaji & Horarwa

An gudanar da gwaje-gwaje akan manyan bayanan kalmar sirri (RockYou, keta LinkedIn). An horar da tsarin don rage mummunan yiwuwar log-likelihood yayin kiyaye ƙayyadaddun fahimta.

4.2 Hoto na Ra'ayi a Matakin Harafi

Hoto na 1 ya nuna tsarin ra'ayi: "iamsecure!" da farko yana da rauni (galibin haruffa ja). Yayin da mai amfani ya maye gurbin haruffa bisa shawarwari ("i"→"i", "a"→"0", "s"→"$"), kalmar sirri ta zama mai ƙarfi tare da ƙarin haruffa kore.

Fassarar Hoto na 1: Ra'ayin mai launi yana nuna gudummawar tsaro a matakin harafi. Ja yana nuna tsarin tsinkaya (maye gurbin gama gari), kore yana nuna haruffa masu mamaki sosai waɗanda ke inganta tsaro sosai.

4.3 Tsaro da Sauƙin Amfani

Tsarin ya nuna cewa masu amfani za su iya samun ƙaƙƙarfan kalmar sirri tare da ƙananan canje-canje (maye gurbin haruffa 2-3) lokacin da aka shiryar da su ta hanyar ra'ayi a matakin harafi, yana inganta sosai fiye da ƙirƙirar kalmar sirri bazuwar ko aiwatar da manufofi.

5 Tsarin Bincike & Nazarin Lamari

Hangen Nesa na Manazarcin Masana'antu

Babban Fahimta: Wannan takarda ta canza tsarin daga auna ƙarfin kalmar sirri zuwa koyar da ƙarfin kalmar sirri. Babban nasara ba tsarin jijiyoyi ba ne—shi ne gane cewa tsarin ƙira na yiwuwa a zahiri suna ɗauke da bayanan da ake buƙata don ra'ayi mai zurfi, idan kawai muka yi tambayoyin da suka dace. Wannan ya yi daidai da ƙarin motsi na AI mai bayyanawa (XAI) wanda ayyuka kamar na Ribeiro da sauransu suka misalta shi "Me Ya Sa Zan Amince da Kai?" (2016), amma ya shafi wani yanki da ba a isa ba sosai: tsaro na mai amfani na yau da kullun.

Kwararar Ma'ana: Hujja tana ci gaba da kyau: (1) Na'urorin auna yiwuwa na yanzu suna da daidaito amma baƙaƙen akwatuna ne masu duhu; (2) Girman yiwuwar da suke kimantawa ba guda ɗaya ba ne—za a iya rarraba shi tare da jerin; (3) Wannan rarrabuwar yana daidaitawa kai tsaye zuwa gudummawar tsaro a matakin harafi; (4) Ana iya nuna waɗannan gudummawar a zahiri. Tsarin lissafi $S(c_i) = -\log_2 Pr(c_i | mahalli)$ yana da kyau musamman—yana canza yanayin ciki na tsari zuwa hankali mai aiki.

Ƙarfi & Kurakurai: Ƙarfin ba shakka ne: haɗa daidaito tare da fahimta a cikin fakitin gefen abokin ciniki. Idan aka kwatanta da na'urorin hikima waɗanda suka kasa a kan maharan masu daidaitawa (kamar yadda aka nuna a cikin binciken Ur et al.'s 2012 SOUPS), wannan hanyar tana kiyaye ƙaƙƙarfan ƙa'idodin yiwuwa. Duk da haka, takardar ta yi ƙasa da muhimmin aibi: fahimtar mahara. Idan maharan sun fahimci abin da ke sa haruffa su zama "kore," za su iya wasa da tsarin. Tsarin ra'ayi na iya haifar da sabbin tsarin tsinkaya—matsalar da take neman magance ta. Marubutan sun ambaci horarwa akan manyan bayanan, amma kamar yadda binciken Bonneau na 2012 na Cambridge ya nuna, rarraba kalmar sirri yana haɓaka, kuma tsari mai tsayayye na iya zama abin alhaki na tsaro.

Fahimta Mai Aiki: Ƙungiyoyin tsaro yakamata su kalli wannan ba kawai a matsayin mafi kyawun ma'auni ba, amma a matsayin kayan aikin horo. Aiwatar da shi a cikin yanayin tsari don koyar da masu amfani kafin aiwatar da samarwa. Haɗa shi da bayanan keta (kamar HaveIBeenPwned) don ra'ayi mai ƙarfi. Mafi mahimmanci, ɗauki launin launi a matsayin farkon mataki—sake maimaitawa bisa yadda maharan suka daidaita. Gaba ba kawai na'urorin masu fahimta ba ne, amma na'urorin masu fahimta masu daidaitawa waɗanda ke koyo daga tsarin kai hari.

Misalin Bincike: Kalmar Sirri "Secure123!"

Ta amfani da tsarin, muna bincika tsarin kalmar sirri na gama gari:

  • S: Tsaro matsakaici (babban harafin farawa na gama gari)
  • ecure: Ƙarancin tsaro (kalmar ƙamus ta gama gari)
  • 123: Ƙarancin tsaro sosai (jerin lambobi mafi gama gari)
  • !: Ƙarancin tsaro (matsayin alama mafi gama gari)

Tsarin zai ba da shawara: maye gurbin "123" da lambobi bazuwar (misali, "409") da kuma matsar da "!" zuwa wani matsayi da ba a saba gani ba, yana inganta ƙarfi sosai tare da ƙananan nauyin ƙwaƙwalwar ajiya.

6 Aikace-aikace na Gaba & Hanyoyin Bincike

  • Ra'ayi na Lokaci Gaskiya Mai Daidaitawa: Na'urorin da ke sabunta shawarwari bisa tsarin kai hari masu tasowa
  • Haɗakar Ma'auni Da Yawa: Haɗa ra'ayin kalmar sirri tare da halayen halayen mutum
  • Aiwatar da Kamfani: Tsare-tsare na al'ada da aka horar akan manufofin kalmar sirri na musamman na ƙungiya
  • Haɗakar Manajan Kalmar Sirri: Tsarin ba da shawara mai himma a cikin manajan kalmar sirri
  • Daidaitawar Harshe Daban-daban: Tsare-tsare da aka inganta don tsarin kalmar sirri marasa Ingilishi

7 Nassoshi

  1. Pasquini, D., Ateniese, G., & Bernaschi, M. (2021). Interpretable Probabilistic Password Strength Meters via Deep Learning. arXiv:2004.07179.
  2. Ribeiro, M. T., Singh, S., & Guestrin, C. (2016). "Why Should I Trust You?": Explaining the Predictions of Any Classifier. Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.
  3. Ur, B., et al. (2012). How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation. USENIX Security Symposium.
  4. Bonneau, J. (2012). The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. IEEE Symposium on Security and Privacy.
  5. Weir, M., et al. (2009). Password Cracking Using Probabilistic Context-Free Grammars. IEEE Symposium on Security and Privacy.
  6. Melicher, W., et al. (2016). Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks. USENIX Security Symposium.